HP Brocade 8/12c Fabric OS Encryption Administrator's Guide - Page 182
Force-enabling a disabled disk LUN for encryption, Tape pool configuration, Tape pool labeling
View all HP Brocade 8/12c manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 182 highlights
3 Tape pool configuration Force-enabling a disabled disk LUN for encryption You can force a disk LUN to become enabled for encryption when encryption is disabled on the LUN. A LUN may become disabled for various reasons, such as a change in policy from encrypt to cleartext when encrypted data (and metadata) exist on the LUN, a conflict between LUN policy and LUN state, or a missing DEK in the key vault. Force-enabling a LUN while metadata exist on the LUN may result in a loss of data and should be exercised with caution. Refer to Chapter 6, "LUN policy troubleshooting" on page 234 for a description of conditions under which a LUN may be disabled, and for recommendations on re-enabling the LUN while minimizing the risk of data loss. This procedure must be performed on the local switch that is hosting the LUN. No commit is required to force-enable after executing this command. 1. Log in to the switch that hosts the LUN as Admin or FabricAdmin. 2. Enter the cryptocfg --enable -LUN command followed by the CryptoTarget container name, the LUN Number, and the initiator PWWN. FabricAdmin:switch>cryptocfg --enable -LUN my_disk_tgt 0x0 \ 10:00:00:00:c9:2b:c9:3a Operation Succeeded Tape pool configuration Tape pools are used by tape backup application programs to group all configured tape volumes into a single backup to facilitate their management within a centralized backup plan. A tape pool is identified by either a name or a number, depending on the backup application. Tape pools have the following properties: • They are configured and managed per encryption group at the group leader level. • All encryption engines in the encryption group share the same tape pool policy definitions. • Tape pool definitions are only used when writing tapes. The tape contains enough information (encryption method and key ID) to enable any encryption engine to read the tape. • Tape pool names and numbers must be unique within the encryption group. • If a given tape volume belongs to a tape pool, tape pool-level policies (defaults or configured values) are applied and override any LUN-level policies. • Tape drive (LUN) policies are used if no tape pools are created or if a given tape volume does not belong to any configured tape pools. NOTE Tape pool configurations must be committed to take effect. Expect a five second delay before the commit operation takes effect.There is an upper limit of 25 on the number of tape pools you can add or modify in a single commit operation. Attempts to commit a configuration that exceeds this maximum fails with a warning. Tape pool labeling Tape pools may be identified by either a name or a number depending on your backup application. Numbers are always entered and displayed in hex notation. Names and numbers are independent; it is possible to have one tape pool with the name ABC and another with the hex number ABC. 162 Fabric OS Encryption Administrator's Guide 53-1002159-03